'International crime ring' involved in $2.2m ATM malware heist

Two suspects are believed to be Russian nationals with links to organised crime.

ATM malware was used to hit over 20 branches of the First Bank in Taiwan

Police in Taiwan investigating an orchestrated heist using ATM malware have claimed an "international organised crime ring" may have been involved in the scheme that resulted in the loss of millions in cash.

Investigators are now tracking six suspects, most of whom are believed to be from Eastern Europe, according to Focus News Taiwan. It is not thought any of the suspects, who hacked over 30 ATMs using sophisticated malware, are Taiwanese, it added.

As previously reported, the top eight banks in the region were forced to shut down activity on hundreds of cash machines after a coordinated group of thieves was able to steal NT$70m ($2.17m, £1.64m, €1.9m) between 9 and 10 July. The attack impacted 20 branches of the First Commercial Bank in Taipei and Taichung.

Police said DNA samples have been obtained from a taxi in which the suspects travelled to the airport, while the investigators are reportedly now working with Russian authorities to locate those involved. According to local media, the style of heist was similar to a recent case in Europe, which first raised the possibility that the two incidents were linked.

According to Taiwan's Central News Agency, CCTV footage recovered from the banks showed unidentified men in masks putting large amounts of money from the ATMs into backpacks before making a quick getaway.

Roughly NT$70 million was stolen in the coordinated attack, Taiwanese police said.

Upon analysis, First Bank said the robbery was carried out without "inserting cards or handling the ATMs." Instead, the footage showed the machines simply handing out money without any tampering taking place. Local media have said it is the first known case of such a heist in the country.

Police did not elaborate on the European case. However, one major incident was reported in 2014, when cybersecurity firm Kaspersky Lab uncovered a widespread campaign using a piece of ATM malware called Tyupkin.

At the time, it had been used by criminals to withdraw "millions of dollars" and was reportedly active on over 50 ATMs across Eastern Europe – with the most infections in Russia.

"We are seeing the natural evolution of this threat with cybercriminals moving up the chain and targeting financial institutions directly," the firm said. "This is done by infecting ATMs directly or direct APT-style attacks against the bank. The Tyupkin malware is one such example of attackers moving up the chain and finding weaknesses in ATM infrastructure."